>> however, we have an issue with the signal notification in __do_notify()
>> we could kill a process in a different pid namespace.
>
> So I took a quick look at the code as it is (before this patchset)
> and the taking a reference to a socket and the taking a reference to
> a struct pid should do the right thing when we intersect with other
> namespaces. It certainly does not look like a fundamental issue.

right. this should be covered when the pid namespace signal handling is
complete. kill_pid_info() should fail to send a signal to a sibling or a
parent pid namespace.

I guess we should add a WARNING() to say that we're attempting to do so.

> In practice the patchset as written does conflict with the network
> namespace work in the net-2.6.24 tree so some adjustments will need
> to be made.

I think no more than fixing the CLONE flags in sched.h and the conflicts
in nsproxy.c.

Thanks!

C.